12.31.14

Summary: Via Chaos Computer Club e.V: For freedom in your own computer, the software must be free. For freedom on the internet, we must organize against surveillance, censorship, SaaSS and the war against sharing

12.19.14

We say that running free software on your computer means that its operation is under your control. Implicitly this presupposes that your computer will do what your programs tell it to do, and no more. In other words, that your computer will be loyal to you.

In 1990 we took that for granted; nowadays, many computers are designed to be disloyal to their users. It has become necessary to spell out what it means for your computer to be a loyal platform that obeys your decisions, which you express by telling it to run certain programs.

Our tentative definition consists of these principles.

Neutrality towards software

The computer will run, without prejudice, whatever software you install in it, and let that software do whatever its code says to do.

A feature to check for signatures on the programs that run is compatible with this principle provided the signature checking is fully under the user’s control. When that is so, the feature helps implement the user’s decision about which programs to run, rather than thwarting the user’s decisions. By contrast, signature checking that is not fully under the user’s control violates this principle.

Neutrality towards protocols

The computer will communicate, without prejudice, through whatever protocol your installed software implements, with whatever users and whatever other networked computers you direct it to communicate with.

This means that computer does not impose one particular service rather than another, or one protocol rather than another. It does not require the user to get anyone else’s permission to communicate via a certain protocol.

Neutrality towards implementations

When the computer communicates using any given protocol, it will support doing so, without prejudice, via whatever code you choose (assuming the code implements the intended protocol), and it will do nothing to help any other part of the Internet to distinguish which code you are using or what changes you may have made in it, or to discriminate based on your choice.

This entails that the computer rejects remote attestation, that is, that it does not permit other computers to determine over the network whether your computer is running one particular software load. Remote attestation gives web sites the power to compel you to connect to them only through an application with DRM that you can’t break, denying you effective control over the software you use to communicate with them. Netflix is a notorious example of this.

We can comprehend remote attestation as a general scheme to allow any web site to impose tivoization or “lockdown” on the local software you connect to it with. Simple tivoization of a program bars modified versions from functioning properly; that makes the program nonfree. Remote attestation by web sites bars modified versions from working with those sites that use it, which makes the program effectively nonfree when using those sites. If a computer allows web sites to bar you from using a modified program with them, it is loyal to them, not to you.

Neutrality towards data communicated

When the computer receives data using whatever protocol, it will not limit what the program can do with the data received through that communication.

Any hardware-level DRM violates this principle. For instance, the hardware must not deliver video streams encrypted such that only the monitor can decrypt them.

Debugability

The computer always permits you to analyze the operation of a program that is running.

Documentation

The computer comes with full documentation of all the interfaces intended for software to use to control the computer.

Completeness

The principles above apply to all the computer’s software interfaces and all communication the computer does. The computer must not have any disloyal programmable facility or do any disloyal communication.

For instance, the AMT functionality in recent Intel processors runs nonfree software that can talk to Intel remotely. Unless disabled, this makes the system disloyal. █

This page is licensed under a Creative Commons Attribution-NoDerivs 3.0 United States License.

05.07.14

Summary: The pressure against software freedom and user control over his/her PC a growingly serious issue

FAIR competition is a business risk that Microsoft cannot tolerate. Microsoft wants to mistreat many users by exposing them (for cash) to the NSA. With UEFI and remote updates, the NSA can even remotely brick computers — a serious risk that almost nobody is willing to speak about. It’s all about control (over users) and Microsoft goes out of its way to reduce users’ security. As Richard Stallman put it the other day: “Nonfree [proprietary] software is likely to spy on its users, or mistreat them in other ways. It is software for suckers. Awareness of this is spreading, which helps us make the case for Free software to people who are not computing experts.”

What’s even more troubling right now is that Vista 8 is self-updating (for the latest back doors to be installed) and Ryan tells us that “Microsoft is about to get rid of support for Windows 8.1 without the update pack, and it seems the broken Windows Update problem is still pretty common.” To quote: “Check your Windows Update log, if you’ve got a “Failed” entry next to KB2919355 then your PC will also become orphaned after May 8.” So much for ‘security’.

In order to install Linux from a bootable USB stick I need to be able to get to the Boot Selection menu, but on Acer systems with UEFI firmware, this is a bit tricky. The Boot Menu key (F12) is disabled by default, so I first have to boot to the BIOS Setup Utility, by pressing F2 during the power on or reboot cycle. Then in the Main setup screen there is an option to enable “F12 Boot Menu”.

That’s one trick down, but there’s another one which might be required. Depending on what version of Linux you want to install, and perhaps how you feel about Secure Boot, you might want/need to disable that. In the BIOS Setup Utility, on the Boot menu there is an option to disable Secure Boot – but I can’t get to it: moving the cursor down just skips over it!

I can change boot mode from UEFI to ‘Legacy BIOS’, but that isn’t what I want to do. I learned (the hard way) with my previous Acer Aspire One, that I have to go to the Security menu and set a “Supervisor Password” before it will let me disable Secure Boot mode. I’m sure this makes sense to someone, but whoever that is, it isn’t me.

In this case I am going to start by installing Linux with Secure Boot still enabled, so I don’t really have to do this, but I went ahead and set a supervisor password anyway, because I will eventually want to turn off Secure Boot anyway.

An ordinary computer user would give up at this stage.

It sure seems like control over one’s computer is getting harder, whether it’s due to artificial limitations or imposed back doors. Fighting for software freedom is important right now, more so than ever before. Some companies and government agencies truly dread the idea of people controlling their machines. The International Day Against DRM is a reminder of this [1,2,3] and based on a new report [4] the FBI is now “pushing its plan to force surveillance backdoors.” Like CIPAV in Microsoft Windows? █

Today is the Day Against DRM, organized by the Free Software Foundation through their Defective by Design campaign against digital rights management (DRM), which they refer to instead with the more accurate moniker “digital restrictions management.”

CNET learns the FBI is quietly pushing its plan to force surveillance backdoors on social networks, VoIP, and Web e-mail providers, and that the bureau is asking Internet companies not to oppose a law making those backdoors mandatory.

TECHRIGHTS is the recipient of various smears that claim the site or its authors to be something that they are not (misrepresentation). We wrote many articles about it about 5 years ago, having seen smears as bad as “Taliban”. A very common pattern of smears is to call your rival/opponent in a debate “religious” about an opinion, as in dogmatic and detached from logic (there are other similar labels like “tinfoil hat” or “conspiracy theory”, as notedyears ago). The FSF, despite being mostly atheistic, is a regular recipient of the “religion” smear (Stallman’s parodies of religion may contribute to this). Microsoft sometimes smears Free software by characterising it as a religion and we, as vocal Novell critics, received similar smears from Novell apologists/staff (Microsoft Linux is still alive by the way and it is spreading to Google). Calling/labeling “religious” those who are non-religious makes no sense. It’s a cheap shot and those who use such cheap shots are often the ones who are irrational and detached from an alternative (opposing) point of view. When logic doesn’t work in an argument, then cheap shots get used, or ad hominem attacks.

Now, similar arguments have been made by some Apple “fanboys” (a label in itself) when they were accused of following Apple like it’s a religion (or cult, i.e. small religion). Those jokes about Apple being followed like a religion and Jobs being treated like a Messiah are not so far fetched anymore. And why?

To quote CNBC: “Steve Jobs warned Apple’s leadership a year before his death that the company he founded faced an “innovator’s dilemma” over the growing threat from Google and promised a “holy war” on smartphones running its Android software, according to evidence shown in court on Tuesday”

Next time you see Free software proponents being referred to as “religious” or something along those lines remember the words of Steve Jobs and Bill Gates. They themselves seem to define/characterise their companies as religious movements.

It is clear why Apple is so afraid of Android, as now revealed by documents from inside Apple [1], noting that people are moving to Android and never coming back to the “holy” Apple (not even if they work for a company that’s a partner of Apple [2]). The other Steve from Apple (Wozniak) is now an Android user and he likes to brag (publicly) about Android phones, which based on some new study [3] are technically better and more stable.

People need not have a religious-type faith to choose GNU/Linux or Android; they do, however, need to have a strong belief in Apple in order to choose an overpriced iPhone. █

I’ve written about and reviewed mobile phones for almost a decade and a half. Everything from flip phones, to BlackBerrys, to today’s hottest Android models, and yes, Apple iPhones, have passed through my hands. That experience is why, more than anything, I’ve ultimately settled on Google Android as my smartphone platform of choice.

For long we have been hearing strories that Android is unsafe, unstable, while iOS is reliable. But new data that has emerged will totally change the picture. A study conducted by Crittercism, a performance monitoring company has revealed that while iOS 7.1 is the most stable version of iOS to date, its Android counterpart is far more stable.

03.25.14

Summary: The FSF gives an award for work on embracing ‘secure boot’, whereas the better option — in my own personal opinion — is to altogether boycott UEFI, for a variety of separate reasons

IT IS NOT often that I get to say this, but I disagree with the FSF’s decision to grant Matthew Garrett an award for work on UEFI. Not only has he acted as a Microsoft apologist (like Miguel de Icaza, who had also received an FSF award) but he also smeared Linux developers whom he did not agree with. Not only has he made Microsoft’s case (and Intel’s patents) stronger but he also made regulatory actions against UEFI 'secure boot' more complicated.

A world with UEFI ‘secure boot’ is a world lesssecure. We need to shun, boycott and altogether avoid UEFI, not find ways to embrace it. People who help popularise or lead us to acceptance of ‘secure boot’ are doing a disservice — not a service — to the principle of people controlling their own computing. That last point is what distinguishes my personal position from the FSF’s (collectively). █

Summary: The debate about software patents in the United States is back because many Free software advocacy groups and companies (not Open Invention Network though) are getting involved in a Supreme Court (SCOTUS) case

OVER THE past 6 months or so there have not been many debates about software patents. There were debates about trolls and other such distracting debates; many of them were ‘pre-approved’ by corporations and covered by the corporate press. We had highlighted this appealing trend several dozens of times before pretty much abandoning this debate and giving up on involvement; generally speaking, providing coverage for these debates is basically helping those who create obstacles for small players (monopolies/oligopolies) just shift the public’s attention away from patent scope.

Debates about software patents returned about a week ago. The Open Invention Network (OIN) was mentioned in the article “Software patents should include source code”, but it’s such an offensive idea because it helps legitimise software patents, which is what the Open Invention Network often does anyway. To quote the article: “Computer-implemented inventions that are patented in Europe should be required to fully disclose the patented invention, for example by including working, compilable source code, that can be verified by others. This would be one way to avoid frivolous software patents, says Mirko Boehm, a Berlin-based economist and software developer working for the OpenInvention Network (OIN).”

In another blog post, one from a proprietary software company, the ludicrous notion of “Intellectual Property” is mentioned in the context of Free software and patents. The author is actually pro-Free software, but the angle he takes helps warp the terminology and warp the discussion somewhat. To quote him: “My usual response to the question, “Do I have to worry about patent trolls and copyright infringement in open source software?” is another question, “Does your proprietary vendor offer you unlimited liability for patent trolls and copyright infringement and what visibility do you have into their source code?” In the proprietary world I think you’d be hard-pressed to find a vendor who provides unlimited liability for their products against IP infringement, or even much over the cost of the products or services rendered. How often do you review their source code and if given the opportunity are you able to share your findings with other users. In open source that’s simply table stakes.”

Contrary to all the above, the Software Freedom Law Center, together with the FSF and the OSI (SimonPhipps and Luis Villa) actually fight the good fight. To quote Phipps: “How important are software patents? We know they’re a threat to the freedom of developers to collaborate openly in communities, chilling the commercial use of shared ideas that fuels engagement with open source. We know that the software industry was established without the “incentive” of software patents. But the importance of the issue was spotlighted yesterday in a joint action by two leading open source organizations.”

Here is how Phipps concludes his article at IDG: “I endorse and welcome this joint position calling for firm clarity on software patents. (I was obviously party to the decision to take it, although I’m not writing on OSI’s behalf here.) With 15 years of history behind us, there’s far more that unites the FSF and the OSI than divides us. We’ve each played our part in the software freedom movement that has transformed computing. Now all of us in both communities need to unite to end the chilling threat of software patents to the freedom to innovate collaboratively in community.”

01.21.14

Richard Stallman today met Mr Rahul Gandhi, Vice President of the Indian National Congress and shared his views on digital surveillance system, unique identification project, free software in education and governance in a meeting that went on for one hour. Mr Joseph Mathew, Secretary of SPACE also participated in the meeting. Mr Gandhi showed keen interest in Stallman’s views on various issues relating to information technology.

To commemorate the occasion of GNU completing 30 years and SPACE 10 years, the free software community in Thiruvananthapuram is also organising an exhibition on free software and free knowledge on Education Freedom Day, which falls on January 18 at the Museum. The exhibition will focus on free software and free hardware for education and privacy protection. Various free software projects like Fedora, WoMoz, and HackerSpace will be part of the exhibition.

GnuCash is more than a simple checkbook register, although it can be used for that purpose. Its real power is in the features supporting small business use and managing multiple accounts. Its basic features are intuitive, but if you don’t have a bookkeeping background, be prepared to spend some time with the user guide in order to fully appreciate its advanced capabilities.

But the researchers, including Adi Shamir, a co-inventor of the widely-used RSA encryption algorithm, have shown how within one hour it was possible to extract a 4096-bit RSA private key used to decrypt email from a laptop running the OpenPGP-based mail encryption tool, GNU Privacy Guard.

After earlier this month delivering LLVM Clang 3.3/3.4 benchmarks for the new compiler infrastructure out of Apple, today are results that directly compare the new LLVM Clang 3.4 performance against the stable GCC 4.8.2 compiler and GCC 4.9.0 development compiler under various C/C++ benchmarks.

The Free Software Foundation (FSF) today awarded Respects Your Freedom (RYF) certification to Gluglug X60 laptops. The RYF certification mark means that the product meets the FSF’s standards in regard to users’ freedom, control over the product, and privacy. This is the first laptop to receive RYF certification from the FSF.

Computer scientists have devised an attack that reliably extracts secret cryptographic keys by capturing the high-pitched sounds coming from a computer while it displays an encrypted message.

The technique, outlined in a research paper published Wednesday, has already been shown to successfully recover a 4096-bit RSA key used to decrypt e-mails by GNU Privacy Guard, a popular open source implementation of the OpenPGP standard. Publication of the new attack was coordinated with the release of a GnuPG update rated as “important” that contains countermeasures for preventing the attack. But the scientists warned that a variety of other applications are also susceptible to the same acoustic cryptanalysis attack. In many cases, the sound leaking the keys can be captured by a standard smartphone positioned close to a targeted computer as it decrypts an e-mail known to the attackers.

The Free Software Foundation today has come out for “the first time we’ve ever been able to encourage people to buy and use a laptop as-is.” The Free Software Foundation now backs one laptop model as respecting the customer’s freedoms, but are the hardware specs any good?

11.28.13

Summary: Thanksgiving reminder for those who want to receive freedom-respecting presents or wish to give freedom-respecting presents

EARLIER TODAY we wrote GNU/Linux devices or computers that can be purchased on Black Friday. Well, the FSF has a new “Giving Guide”, which basically highlights the need to avoid DRM-laden products and other such malicious ‘gifts’ [1] that can merely imprison their receiver. One must remember that GNU/FSF advocates abundance, which in itself is a gift [2]. There is no need to buy and sell stuff when something can be shared for free [3]. When Richard Stallman created Emacs he wanted to share his work, not necessarily profit from it; that’s where the GPL licence comes from. Emacs continues to develop to this date (a WYSIWYG GUI might be coming [4]) along with essential low-level GNU libraries [5] which make up the basis for a lot of those “Linux” gadgets that are on sale this Black Friday. We oughtn’t forget that if it wasn’t for the foundations laid out by GNU, Linux would still be proprietary and probably never take off. █

The Free Software Foundation (FSF) today announced its 2013 Giving Guide, a resource for conscientious shoppers looking for geeky gifts that respect users’ freedom. Many holiday shoppers will be turning to gadgets and online services as gifts for friends and family, but these gifts are often rife with proprietary software, anti-features, or Digital Restrictions Management (DRM), all of which restrict how the gift can be used.

It is 30 years since Richard Stallman announced that he was going to write a complete UNIX-compatible software system called GNU, pioneering the idea of free and open source software, but the struggle continues